﻿@using Seal.Model;
@{
    SecurityProvider provider = Model;

    //Parameters for this provider
    provider.Parameters.Add(new SecurityParameter() { Name = "default_domain_name", DisplayName = "Default Domain Name", Description = "If not empty, specify the Windows Domain name used for the authentication." });
    provider.Parameters.Add(new SecurityParameter() { Name = "add_windows_groups", BoolValue = false, DisplayName = "Add security groups matching Windows groups", Description = "If true, the user will belong to the security groups having the name of his Windows groups." });
    provider.Parameters.Add(new SecurityParameter() { Name = "windows_groups_skip_domain", BoolValue = true, DisplayName = "Groups matching: Skip domain name", Description = "If true, the Windows-Security groups matching is done without the domain name." });
    provider.Parameters.Add(new SecurityParameter() { Name = "windows_groups_ad_context", Value = "Domain", DisplayName = "Groups matching: Method used to get the Windows groups", Enums = new string[] { "", "Machine", "Domain" }, Description = "Select the context type used to get the Windows Groups. If empty, Windows Identity is used instead of Active Directory." });

    provider.Script = @"@using System.Net;
@{
    SecurityUser user = Model;
	//Basic Windows authentication: check  user/password and set name and groups...
	//user.WebUserName -> user name from the login screen
	//user.WebPassword -> password from the login screen
	if (string.IsNullOrEmpty(user.WebUserName))
	{
		throw new Exception(""The user name is empty."");
	}

	user.Identity = Impersonator.CheckWindowsLogin(user.WebUserName, user.Security.GetValue(""default_domain_name""), user.WebPassword);
	
    if (user.Identity != null) 
    {
        user.Name = user.WebUserName;
		//user.PersonalFolderName -> may be set to defined the personal folder name
		if (user.Security.GetBoolValue(""add_windows_groups""))
		{
			user.AddWindowsGroupToSecurityGroup(user.Security.GetBoolValue(""windows_groups_skip_domain""), user.Security.GetValue(""windows_groups_ad_context""));
		}
		else 
		{
			user.AddDefaultSecurityGroup();
		}

        //User name may be changed from WindowsIdentity
        //if (user.Identity != null) {
        //    user.WebUserName = user.Identity.Name;
        //}
		
		if (user.SecurityGroups.Count == 0)		
		{
			user.Error = ""The user is authenticated but he does not belong to any security group."";
            var log = user.Error + ""\r\nWindows Groups from Windows Identity:\r\n"";
            var identity = user.Identity;
            if (user.WebPrincipal != null) { identity = user.WebPrincipal.Identity as System.Security.Principal.WindowsIdentity; }
            if (identity != null)
            {
                foreach (var group in identity.Groups.OrderBy(i => i.Translate(typeof(System.Security.Principal.NTAccount)).ToString()))
                {
                    log += group.Translate(typeof(System.Security.Principal.NTAccount)).ToString() + ""\r\n"";
                }
            }
            log += ""\r\nWindows Groups from AD:\r\n"";
            if (user.UserPrincipal != null)
            {
                foreach (var p in user.UserPrincipal.GetAuthorizationGroups().OrderBy(i => i.Name))
                {
                    log += p.Name + ""\r\n"";
                }
            }
            Helper.WriteLogEntry(""Web Report Server"", System.Diagnostics.EventLogEntryType.Warning, log);            
		}

        //User default culture, theme and logo can be also overwritten with
        //user.SetDefaultCulture(group.Culture);
        //user.SetDefaultLogoName(group.LogoName);  
    }
    else 
    {
        user.Error = ""The user is not authenticated by Windows."";        
    }
}";
}
